Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Web Directory Security

Status
Not open for further replies.

kathrync2003

Programmer
Mar 25, 2003
19
CA
Hello

I have a directory on my web server where I have placed directory security that prompts for a user name and password
into a secure area of my site.

I have a link on one of my web pages inside this directory whre the user can log out.

How do I locate where this login information
is stored.

 
If you're using HTTP Authentication (and it sounds like you might be, whether knowingly or not), I believe this can only be achieved by closing the browser down (see reference below).

With HTTP authentication, the client (such as a web browser) presents its own authentication dialog to the user when prompted for credentials by the server, after an initial request of a resource that is in a protected realm. (A realm is a URI, such as "/admin" and all resources under that URI, such as "/admin/moderation" and "/admin/users".) The user enters their username and password into the dialog, thereby authenticating themselves to the client for the requested realm. The client then uses those credentials to authenticate with the server for that realm from then on, until the client is exited. (I.e., there is usually no way to log out of a client authentication except by ending the client process.)
(Source:
Clive
Runner_1Revised.gif

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"To err is human, but to really foul things up you need a computer." (Paul Ehrlich)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To get the best answers from this forum see: faq102-5096
 
Thanks for answering.

I mean where the login credential is stored on the visitor's machine.

I have a logout link and I want this link to
clear out the userid and password fields.

 
...and as Stretchwickster stated, if you are using HTTP Authentication (as I too suspect you are) then you proabably won't be able to make the logout link work.

Although, the webdev plugin for Firefox manages to clear HTTP Authentication without restarting the browser. So it must be possible in some way. Perhaps by clearing out all the session vars?

<honk>*:O)</honk>

Earl & Thompson Marketing - Marketing Agency Services in Gloucestershire
 
[!]This isn't tested[/!] but if using PHP you could try something like the following:

Code:
$_SERVER['PHP_AUTH_USER']="";
$_SERVER['PHP_AUTH_PW']="";

This would probably be a question more suited to the forum for whichever server side language you are using.

<honk>*:O)</honk>

Earl & Thompson Marketing - Marketing Agency Services in Gloucestershire
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top